I have a source tree owned by root (a website). I created a new group called deploy and added a user to it also called deploy. What I want is both the groups [root] and [deploy] to have write access to the full tree, i.e. from www downwards. This is so the deploy user can update the source via FTP when needed, but it still secure because its owned by root and "deploy" can only update this tree. How is this done please? Thanks...

gilead

03-26-2006 03:03 AM

It's not so much the being owned by root that makes it secure, it's the lack of access by other users. So, if you trust the members of the deploy group you can make the source tree group owned by them with chgrp -R deploy /var/www You'll might need to set the gid bit so that files that get ftp'ed into the structure keep the correct group name with find /var/www -type d -exec chmod g+s {} \;

There may be a cleaner way to do that, but I'm about to go out so I can't go looking for it. Hope it helps anyway...